Rapid7 Blog

CVE-2012-0507 - Java Strikes Again

POST STATS:

SHARE

Recently, Microsoft published a blog post regarding a Java exploit that's being used in the wild. The vulnerability is more of a logical flaw that results in unsafe operations, which allows any attacker to run arbitrary code under the context of the user. You may see the blog here:

About two days ago, Metasploit obtained a partial sample of that malware thanks to an anonymous contributor. Frequent Metasploit contributor Juan Vazquez and I then embarked on a 24 hour codeathon to produce a working module, committed to the tree moments ago:

Like Microsoft suggested, the exploit should be very reliable across different systems. In the above screenshot, we tested the exploit against different platforms from Windows XP, Windows 7, all the way to Ubuntu and OSX. As long as your target has the vulnerable version of Java, this exploit should get you shells.

To have a play with this and all our other fun exploits, download the free Metasploit Community Edition here. We'll be hosting a webcast on April 25th to discuss this and other Java security concerns. Save the date and watch this space for more info!